Starting from 25 May 2018, the Regulation (EU) 2016/679 approved on 27 April 2016 by the European Parliament and the Council and concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data, is applicable in all member states of the European Union.
The key principle, of Anglo-Saxon origin, introduced by the new European Regulation is that of accountability which places on the Data Controller the obligation to implement adequate policies on data protection, with the adoption of technical and organizational measures, also certified, which are concretely demonstrable, as well as conforming to European provisions (principle of conformity or “compliance”).
From the point of view of the European legislator, each Data Controller can independently choose the organizational and management model of the Privacy that he deems most suitable for his own reality and consequently adopt the security measures he deems most effective.
The aforementioned Regulation provides for the obligation, for the Data Controller or Data Processor, to designate the DPO “when the processing is carried out by a public authority or by a public body, with the exception of the judicial authorities when they exercise their judicial functions” ( Article 37, paragraph 1, letter a).
RESPONSIBLE FOR DATA PROTECTION
The Data Protection Officer carries out the following tasks:
- Advisory function: he/she informs and provides advice to the Data Controller or Data Processor as well as to employees; if requested, he/she provides an opinion on the impact assessment on data protection and monitors its performance;
- Supervisory and guarantee function: he/she monitors compliance with Regulation (EU) 2016/679, with other provisions of the Union or of the Member States relating to data protection as well as with the policies of the Data Controller or of the data controller in terms of protection personal data, including the attribution of responsibilities;
- Contact function: he/she cooperates with the Supervisory Authority and acts as an interface between the Body and the interested parties”.
Contacts of the Personal Data Protection Officer (DPO)
Dott.ssa Cristina Canella